Hi David,
The CacheGuard is not cabled in yet. Our expectation is that on the inside of the network, we would have a private address in the 10.2.0.0/23 network and on the outside - pointing to the router, we would have a public ip address. We need a recommendation as to which one we call "internal" and which one we call "external" since this is not clearly a forward or reverse proxy.
The pre-authentication splash screen contains standard URL references using FQDNs. These resolve into a potentially large number of seemingly random ip addresses. The firewall will only accept ip addresses, port numbers and protocol numbers - it will not accept FQDNs in its configuration. It is a captive firewall in the WLAN controller and we cannot change thatge the FQDNs in the splash screens to a fixed ip address which would point to the inside port on the proxy. This ip address would also be in the firewall whitelist. The proxy would translate the ip address in the URL to the FQDN form in order to retrieve the content and relay it back to the client such that it appears to be coming from the inside ip address of the proxy.
The ID would be in whatever certificate is used by the content provider - we are not providing the certificate - self signed or otherwise.
We wanted to understand the capabilities before we implement.
Configuration in a pseudo reverse mode
Re: Configuration in a pseudo reverse mode
Dear RMansell
When you say:
Question 2: at the stage where a client get the splash screen, what is the IP configuration on the client machine? And especially what is the configured DNS on that machine (by the client DHCP)?
When you say:
Best Regards,
When you say:
Question 1: are those random IP private? Or public? If they are private to which subnet do they belong ? (10.2.0.0/23)?These resolve into a potentially large number of seemingly random ip addresses.
Question 2: at the stage where a client get the splash screen, what is the IP configuration on the client machine? And especially what is the configured DNS on that machine (by the client DHCP)?
When you say:
Question3: do you mean that the client at that stage will see in his browser an URL having the form: "https://10.2.xxx.yyy/..." but the content of that URL (the displayed page in the browser) is provided by the CDN?...such that it appears to be coming from the inside ip address of the proxy...
Best Regards,
Re: Configuration in a pseudo reverse mode
Dear RMansell
You have not been posting your replies since a long time. If you think that CacheGuard doesn't meet your particular needs we can close this topic. What do you think?
I also want to further clarify for our readers that with CacheGuard in its present version (NG 1.1.2):
Best Regards,
You have not been posting your replies since a long time. If you think that CacheGuard doesn't meet your particular needs we can close this topic. What do you think?
I also want to further clarify for our readers that with CacheGuard in its present version (NG 1.1.2):
- - Backend servers communicate with CacheGuard using HTTP only (and not HTTPS).
- Backend servers should be known in advance and identifiable by their IP addresses.
Best Regards,